Major software companies like Microsoft always have a long list of bugs to fix. They can range from benign cosmetic issues to critical flaws that make software like Windows vulnerable to hacking. Usually, engineers fix such flaws before hackers ever know they existed.
In 2013, according to a new report from Reuters, hackers broke into Microsoft’s network and stole its database of bugs. The report is based on interviews with five unnamed ex-Microsoft employees, who said the bug database had not been properly secured prior to the hack.
Sophisticated hackers could use such a database to develop exploits for the vulnerabilities it contains, and in turn to hack millions of users before engineers have a chance to release patches. Microsoft determined that the vulnerabilities in the database were not exploited in breaches at other organizations that took place at the time, according to the report, but some of the former employees Reuters spoke with were not so sure.
The theft occurred in early 2013 amid a string of attacks on other big tech companies like Apple and Facebook. Microsoft said in a brief announcement that it “experienced a similar security intrusion,” but did not disclose that its bug database had been breached.